VDB
DEBIAN-CVE-2021-3560
DEBIAN-CVE-2021-3560
PUBLISHED
CVSS 7.800000190734863 HIGH
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | policykit-1 | 0, 0, 0 |
| Debian:13 | policykit-1 | 0, 0, 0 |
| Debian:14 | policykit-1 | 0, 0, 0 |
| Debian:12 | policykit-1 | 0, 0, 0 |
Exploit Intelligence
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc)
- CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition (github-poc)
- CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition (github-poc-repo)
- secnigma/CVE-2021-3560-Polkit-Privilege-Esclation (github-poc-repo)
- PolicyKit CVE-2021-3560 Exploitation (Authentication Agent) (github-poc-repo)
- Polkit 0.105-26 0.117-2 - Local Privilege Escalation (github-poc-repo)
- asepsaepdin/CVE-2021-3560 (github-poc-repo)
- CVE-2021-3560 Bypass su - root (github-poc-repo)
- markyu0401/CVE-2021-3560-Polkit-Privilege-Escalation (github-poc-repo)
…and 43 more exploits
Timeline
- Feb 16, 2022 CVE Published
- Apr 28, 2026 CVE Updated